Google has a blog post up discussing their threat modeling when deploying “post-quantum” (PQC) cryptographic algorithms. It’s an interesting read. https://bughunters.google.com/blog/5108747984306176/google-s-threat-model-for-post-quantum-cryptography